AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Skype

Location

Interests

Hello,
We are currently running Windows Defender client version is 4.10.14393.0, however in Programs and Features it showes System Centre Endoint Protection 4.7.214.0.
Please note that we are pushing the SCEP policies via sccm
Here is the screen captures :
Any ideas?

I am using SCEP and already have alerting setup. Most of the alerts that I receive require no further action since SCEP deleted it. On rare occasion, there will be something detected that SCEP fails to handle automatically. Is there a way to create a custom alert that will only be triggered when this condition occurs?

Good afternoon,
I have problem with creating something like "subselected query".
I need to find which computers do not have installed Forefront Endpoint Protection.
The best solution seems to be find on computer msseces.exe, because Add or remove programs was not successful for me.
I created query, which show me, which computers contain msseces.exe:
select SMS_R_System.NetbiosName, SMS_R_System.LastLogonUserName, SMS_G_System_SYSTEM_CONSOLE_USER.LastConsoleUse, SMS_G_System_OPERATING_SYSTEM.Version, SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM_CONSOLE_USER on SMS_G_System_SYSTEM_CONSOLE_USER.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "msseces.exe"
Than I created subselected query, which should show me computers without "msseces.exe":
select SMS_R_System.LastLogonUserName, SMS_R_System.OperatingSystemNameandVersion, SMS_R_System.NetbiosName from SMS_R_System where SMS_R_System.ResourceId not in (select SMS_R_System.NetbiosName, SMS_R_System.LastLogonUserName, SMS_G_System_SYSTEM_CONSOLE_USER.LastConsoleUse, SMS_G_System_OPERATING_SYSTEM.Version, SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM_CONSOLE_USER on SMS_G_System_SYSTEM_CONSOLE_USER.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "msseces.exe")
But it do not works for me..
Could anyone help me please?
Thank you very much,
Lucas

I've been noticing an odd occurrence on my system lately. I have an ADR setup to deploy Forefront Updates, set to install outside of MW and not prompt the user for anything. All has been well. For whatever reason, we now have a version mismatch between the clients and SCCM. The ADR still seems to be pushing updates, even though they don't install, but is also notifying users of updates constantly.
I checked my endpoint log, and see this:
EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Check and enforce EP Deployment state. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
EP Policy Antimalware Policy is already applied. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Firewall provider is installed. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Installed firewall provider meet the requirements. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88)
Endpoint is triggered by message. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4)
File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4)
If I install the EP client off of my distribution point, the version is correct. One of the windows updates pushed out by SCCM is a newer version of the EP client, as I see it in the installed updates. Since it pushed this new version out, I get constant mismatches. There are now constant notifications that updates are available on user machines, and they're always for Forefront, even though my ADR says to hide all notifications.
How should I go about correcting this? I haven't had much luck finding others with the issue yet, and most places I've posted at looking for some insight yield no responses.

Hello,
I have been installing Config manager clients on servers I want to manage. These servers already had Forefront 2010 installed and being managed by the FEP server. When I log into a server I see that FEP 2010 is still listed under programs as well as the ConfigManger stuff. Is the FEP 2010 supposed to be manually removed or is this supposed to be automatically overwritten / uninstalled when I elect to use SCEP?
Please let me know if you need more information.

Ran across this today, see attached.
Any ideas?
How can you manually install the Endpoint Protection Client if needed? The reason I ask is during mass imaging (we have over 5000 to image) how long should it take to get the Endpoint client on it? Some have been getting it fairly fast and now it seems it's taking 20 min or so.

I am having an extremely frustrating issue with Forefront 2010 integrated on SCCM 2007 R3, i have set up e-mail alerts and would like these alerts to be sent to our computer technicians. My alert structure is setup as follows:
Collections:
- #Location Based collections
- School Abbreviation (ie. WDCS)
(I have about 40 of these abbreviated school names)
User Accounts:
- SCCM Admins:
Rights:
- All Rights
- IT Techs - Contains computer technician (delegated users)
Rights:
- Class: Collection, Permissions: Read, Use Remote Tools, Read Resource
- Class: Package, Permissions: Read
- Class: Advertisement, Permissions: Read
- Class: Status Message, Permissions: Read
- Class: Site, Permissions: Read
- Class: Query, Permissions: Read, Modify, Create
- Class: Report, Permissions: Read
Anyone who is a memaber of SCCM Admins is successfully recieving e-mail notifications from forefront, however anyone in the IT techs group is not. If i send a test e-mail it sends to all users regardless of group memberhip. This is leading me to believe that member of the it techs group simply do no thave required permissions to recieve forefront email notifications regarding malware outbreaks even though they have read permissions on class: report.
Does anyone have any suggestions, is there any further information that i can provide?
Thanks